Let's talk


May 22, 2019 | Authored by: Vindicia Team

New regulation for authenticating EU payments to take effect in september 2019

Updated November 2019: Due to a general lack of readiness, and following announcements from over 20 national supervisory bodies of delays of SCA enforcement, in October 2019, the European Banking Authority (EBA) published a new Opinion on the migration and timeline of PSD2 SCA in which the EBA allowed national supervisory bodies not to enforce the regulation until December 31, 2020. Vindicia continues to track the progress of PSD2 SCA readiness. Check back here for updates in the future.


Payment Services Directive 2 (PSD2) is a new regulation that applies to subscription businesses located or acting in the European Union (EU). Critical information with respect to compliance with PSD2 can be found at the European Payment Council’s site regarding PSD2.

What is PSD2?

PSD2 takes effect on September 14, 2019. This regulation impacts subscription businesses whose acquirer is in the EU or acquirer has an EU license and which are transacting online with customers' credit card whose issuer is also in the EU.

PSD2 applies to all online transactions, including payments made via credit cards and alternative payment methods, subject to certain exemptions (see European Payment Council document for comprehensive details and requirements). While many alternative payment methods may already be PSD2-compliant (e.g., Apple Pay and Google Pay), others may not yet be PSD2 compliant (e.g., PayPal).

The main requirement of PSD2 is Strong Customer Authentication (SCA). SCA requires that new subscribers go through a 3DSv2 process when purchasing online. This process serves to verify (or "authenticate") the subscriber’s identity and that they are the valid holder of the credit card they’re using to complete their purchase.

How PSD2 affects your use of Vindicia services

The primary regulatory requirements of PSD2 apply to a subscription business’ PSP (“Payment Service Provider” or “payment gateway”) and not to Vindicia directly.

Vindicia customers should contact their gateway/processor in order to understand the payment provider’s plan for PSD2 compliance and to start using any SCA-compliant 3DSv2 solution that the payment provider supports.

For any question, please contact Vindicia support at support@vindicia.com

This overview is not intended as a guide to compliance with PSD2 and should not be considered legal or financial advice.

About Author

Vindicia Team

Vindicia Team

We value our subject matter experts and the insights each of them brings to the table. We want to encourage more thought leaders to come together and share their industry knowledge through our blog. Think you have something interesting to contribute as a guest blogger? Contact us at info@vindicia.com